EV 263 600 908 US 
What is claimed is: 



CLAIMS 



Docket No. SUN-040105 
811173-000425 



1. A method for digital content access control, comprising: 

sending a digital content request comprising a request for digital content; 
receiving an authenticated digital content request in response to said sending said digital 
content request; 

sending said authenticated digital content request including one or more delivery parameters 
to a content repository that provides storage for said digital content, said one or more 
delivery parameters identifying a target device to receive digital content referenced by 
said authenticated digital content request; 

receiving encrypted digital content in response to said sending said authenticated digital 
content request; and 

sending said encrypted digital content to said target device, said target device for decrypting 
said encrypted digital content to create decrypted digital content and for rendering said 
decrypted digital content on said target device. 



2. The method of claim 1 wherein 

said digital content request comprises a Universal Resource Locator (URL); and 
said authenticated digital content request comprises a tokenized URL. 
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3. The method of claim 2 wherein said tokenized URL further comprises a token comprising a 
cryptogram based at least in part on an identifier that describes the location of said digital 
content. 

4. The method of claim 3, further comprising sending said token to said target device. 

5. The method of claim 3 wherein said token is from a token pool associated with the location 
of digital content for which access is authorized. 

6. -The method of claim 1 wherein said one or more delivery parameters comprises a serial 
number uniquely identifying said target device. 

7. The method of claim 1 wherein said one or more delivery parameters comprises a master 
key indicator for use in decrypting an encrypted form of said digital content. 

8. The method of claim 1 wherein said one or more delivery parameters comprises a key 
derivation process indicator for use in deriving a cryptographic key for decrypting an 
encrypted form of said digital content. 

9. The method of claim 1 wherein said one or more delivery parameters comprises a 
cryptographic process indicator that specifies a cryptographic process supported by said 
target device. 
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10. A program storage device readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for digital content access control, the 
method comprising; 

sending a digital content request comprising a request for digital content; 
receiving an authenticated digital content request in response to said sending said digital 
content request; 

sending said authenticated digital content request including one or more delivery parameters 
to a content repository that provides storage for said digital content, said one or more 
delivery parameters identifying a target device to receive digital content referenced by 
said authenticated digital content request; 

receiving encrypted digital content in response to said sending said authenticated digital 
content request; and 

sending said encrypted digital content to said target device, said target device for decrypting 
said encrypted digital content to create decrypted digital content and for rendering said 
decrypted digital content on said target device. 

11. The program storage device of claim 10 wherein 

said digital content request comprises a Universal Resource Locator (URL); and 
said authenticated digital content request comprises a tokenized URL. 

12. The program storage device of claim 1 1 wherein said tokenized URL further comprises a 
token comprising a cryptogram based at least in part on an identifier that describes the 
location of said digital content. 
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13. The program storage device of claim 12, further comprising sending said token to said target 
device. 

14. The program storage device of claim 12 wherein said token is from a token pool associated 
with the location of digital content for which access is authorized. 

15. The program storage device of claim 10 wherein said one or more delivery parameters 
comprises a serial number uniquely identifying said target device. 

16. The program storage device of claim 10 wherein said one or more delivery parameters 
comprises a master key indicator for use in decrypting an encrypted form of said digital 
content. 

17. The program storage device of claim 10 wherein said one or more delivery parameters 
comprises a key derivation process indicator for use in deriving a cryptographic key for 
decrypting an encrypted form of said digital content. 

18. The program storage device of claim 10 wherein said one or more delivery parameters 
comprises a cryptographic process indicator that specifies a cryptographic process supported 
by said target device. 

19. An apparatus for digital content access control, comprising: 
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means for sending a digital content request comprising a request for digital content; 
means for receiving an authenticated digital content request in response to said sending said 
digital content request; 

means for sending said authenticated digital content request including one or more delivery 
parameters to a content repository that provides storage for said digital content, said one 
or more delivery parameters identifying a target device to receive digital content 
referenced by said authenticated digital content request; 

means for receiving encrypted digital content in response to said sending said authenticated 
digital content request; and 

means for sending said encrypted digital content to said target device, said target device for 
decrypting said encrypted digital content to create decrypted digital content and for 
rendering said decrypted digital content on said target device. 

20. The apparatus of claim 19 wherein 

said digital content request comprises a Universal Resource Locator (URL); and 
said authenticated digital content request comprises a tokenized URL. 

21. The apparatus of claim 20 wherein said tokenized URL further comprises a token 
comprising a cryptogram based at least in part on an identifier that describes the location of 
said digital content. 

22. The apparatus of claim 21, further comprising means for sending said token to said target 
device. 
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23. The apparatus of claim 21 wherein said token is from a token pool associated with the 
location of digital content for which access is authorized. 

24. The apparatus of claim 19 wherein said one or more delivery parameters comprises a serial 
number uniquely identifying said target device. 

25. The apparatus of claim 19 wherein said one or more delivery parameters comprises a master 
key indicator for use in decrypting an encrypted form of said digital content. 

26. The apparatus of claim 19 wherein said one or more delivery parameters comprises a key 
derivation process indicator for use in deriving a cryptographic key for decrypting an 
encrypted form of said digital content. 

27. The apparatus of claim 19 wherein said one or more delivery parameters comprises a 
cryptographic process indicator that specifies a cryptographic process supported by said 
target device. 

28. An apparatus for digital content access control, the apparatus comprising: 
a memory for storing said digital content; and 

a processor configured to: 

send a digital content request comprising a request for digital content; 
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receive an authenticated digital content request in response to said sending said digital 
content request; 

send said authenticated digital content request including one or more delivery parameters to 
a content repository that provides storage for said digital content, said one or more 
delivery parameters identifying a target device to receive digital content referenced by 
said authenticated digital content request; 

receive encrypted digital content in response to said sending said authenticated digital 
content request; and 

send said encrypted digital content to said target device, said target device for decrypting 
said encrypted digital content to create decrypted digital content and for rendering said 
decrypted digital content on said target device. 

29. The apparatus of claim 28 wherein said processor is further configured to receive said digital 
content in response to said authenticated digital content request. 

30. The apparatus of claim 28 wherein said apparatus comprises a smart card. 

31. The apparatus of claim 30 wherein said smart card comprises a Java Card™ technology- 
enabled smart card. 

32. The apparatus of claim 30 wherein said smart card comprises a CDMA (Code Division 
Multiple Access) technology-enabled smart card. 
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33. The apparatus of claim 30 wherein said smart card comprises a SIM (Subscriber Identity 
Module) card. 

34. The apparatus of claim 30 wherein said smart card comprises a WIM (Wireless Interface 
Module). 

35. A method for digital content access control, comprising: 

receiving a token comprising a cryptogram based at least in part on an identifier that 

describes the location of said digital content; 
preparing a session key, said preparing comprising applying a cryptographic process to a 

key based at least in part on said token together with a target key to create said session 

key, said target key based at least in part on a master key and a target ID, said target ID 

identifying a target device; 
receiving encrypted digital content; 

decrypting said encrypted digital content using said session key to create decrypted digital 

content; and 
rendering said decrypted digital content. 

36. The method of claim 35 wherein said preparing is performed on a smart card. 

37. The method of claim 35 wherein said token is from a token pool associated with the location 
of digital content for which access is authorized. 
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38. A method for digital content access control, comprising: 

receiving a tokenized URL comprising a token having a cryptogram based at least in part on 

an identifier that describes the location of said digital content; 
preparing a session key, said preparing comprising applying a cryptographic process to a 

key based at least in part on said token together with a target key to create said session 

key, said target key based at least in part on a master key and a target ID, said target ID 

identifying a target device; 
receiving encrypted digital content; 

decrypting said encrypted digital content using said session key to create decrypted digital 

content; and 
rendering said decrypted digital content. 

39. The method of claim 38 wherein said preparing is performed on a smart card. 

40. The method of claim 38 wherein said token is from a token pool associated with the location 
of digital content for which access is authorized. 

41. A program storage device readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for digital content access control, the 
method comprising: 

receiving a token comprising a cryptogram based at least in part on an identifier that 
describes the location of said digital content; 
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preparing a session key, said preparing comprising applying a cryptographic process to a 
key based at least in part on said token together with a target key to create said session 
key, said target key based at least in part on a master key and a target ID, said target ID 
identifying a target device; 

receiving encrypted digital content; 

decrypting said encrypted digital content using said session key to create decrypted digital 

content; and 
rendering said decrypted digital content. 

42. The program storage device of claim 41 wherein said preparing is performed on a smart 
card. 

43. The program storage device of claim 41 wherein said token is from a token pool associated 
with the location of digital content for which access is authorized. 

44. A program storage device readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for digital content access control, the 
method comprising: 

receiving a tokenized URL comprising a token having a cryptogram based at least in part on 

an identifier that describes the location of said digital content; 
preparing a session key, said preparing comprising applying a cryptographic process to a 

key based at least in part on said token together with a target key to create said session 
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key, said target key based at least in part on a master key and a target ID, said target ID 
identifying a target device; 
receiving encrypted digital content; 

decrypting said encrypted digital content using said session key to create decrypted digital 

content; and 
rendering said decrypted digital content. 

45. The program storage device of claim 44 wherein said preparing is performed on a smart 
card. 

46. The program storage device of claim 44 wherein said token is from a token pool associated 
with the location of digital content for which access is authorized. 

47. An apparatus for digital content access control, comprising: 

means for receiving a token comprising a cryptogram based at least in part on an identifier 

that describes the location of said digital content; 
means for preparing a session key, said preparing comprising applying a cryptographic 

process to a key based at least in part on said token together with a target key to create 

said session key, said target key based at least in part on a master key and a target ID, 

said target ID identifying a target device; 
means for receiving encrypted digital content; 

means for decrypting said encrypted digital content using said session key to create 
decrypted digital content; and 
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means for rendering said decrypted digital content. 

48. The apparatus of claim 47 wherein said means for preparing comprises a smart card. 

49. The apparatus of claim 47 wherein said token is from a token pool associated with the 
location of digital content for which access is authorized. 

50. An apparatus for digital content access control, comprising: 

means for receiving a tokenized URL comprising a token having a cryptogram based at least 
in part on an identifier that describes the location of said digital content; 

means for preparing a session key, said preparing comprising applying a cryptographic 
process to a key based at least in part on said token together with a target key to create 
said session key, said target key based at least in part on a master key and a target ID, 
said target ID identifying a target device; 

means for receiving encrypted digital content; 

means for decrypting said encrypted digital content using said session key to create 

decrypted digital content; and 
means for rendering said decrypted digital content. 

51. The apparatus of claim 50 wherein said means for preparing comprises a smart card. 

52. The apparatus of claim 50 wherein said token is from a token pool associated with the 
location of digital content for which access is authorized. 
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53. An apparatus for digital content access control, the apparatus comprising: 
a memory for storing said digital content; and 

a processor configured to: 

receive a token comprising a cryptogram based at least in part on an identifier that 

describes the location of said digital content; 
prepare a session key, said preparing comprising applying a cryptographic process to a 

key based at least in part on said token together with a target key to create said 

session key, said target key based at least in part on a master key and a target ID, 

said target ID identifying a target device; 
receive encrypted digital content; 

decrypt said encrypted digital content using said session key to create decrypted digital 

content; and 
render said decrypted digital content. 

54. The apparatus of claim 53 wherein said apparatus comprises a smart card. 

55. The apparatus of claim 54 wherein said smart card comprises a Java Card™ technology- 
enabled smart card. 

56. The apparatus of claim 54 wherein said smart card comprises a CDMA (Code Division 
Multiple Access) technology-enabled smart card. 
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57. The apparatus of claim 54 wherein said smart card comprises a SIM (Subscriber Identity 
Module) card. 



58. The apparatus of claim 54 wherein said smart card comprises a WIM (Wireless Interface 
Module). 
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